Re: [xri] Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-06-11

[John Bradley <jbradley@mac.com>]

It should also be pointed out that a lack of support in openXRI and in  
the root authority servers was probably what stopped  XML Dsig in XRI  
2.0.

 From conversations a year or so ago I recall that Dirk and Brenno had  
some other issues as well.   Though none of them at the time regarding  
cannonicalization.

John B.
On 12-Jun-09, at 4:40 AM, Nat Sakimura wrote:

> It is kind of interesting that OpenID list is generally negative
> against XML Dsig while OAuth is positive (though, as Eran states,
> there is no use case for OAuth but for OpenID.)
>
> So, I posted next question to the OpenID List whether they
> would be amiable to XML DSig if native language form of
> libraries are provided to them. (I hope they will be.)
>
> We all know that XML DSig in XRI Resolution 2.0 did not get
> any support. One of the factor must have been the lack of
> easy to use library. This is one of the thing that we must
> address.
>
> Scott's description of the constrained C14N  would be a
> good tool for changing people's mind set.
>
> IMHO, writing a good spec is one thing, but getting the
> traction on it is also as important. Trying what we have
> failed before again without a countermeasure is something
> what I would like to avoid.
>
> =nat
>
> --------------------------------------------------
> From: "Drummond Reed" <drummond.reed@cordance.net>
> Sent: Friday, June 12, 2009 9:58 AM
> To: "'XRI TC'" <xri@lists.oasis-open.org>
> Subject: [xri] Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-06-11
>
>> Following are the minutes of the unofficial telecon of the XRI TC at:
>>
>> Date:  Thursday, 11 June 2009 USA
>> Time:  2:00PM - 3:00PM Pacific Time (21:00-22:00 UTC)
>>
>> (Note: Drummond could not attend so these minutes were taken by  
>> John.)
>>
>> ATTENDING
>>
>> Scott Cantor
>> Nat Sakimura
>> Will Norris
>> John Bradley
>>
>> REGRETS
>>
>> Drummond Reed
>> Eran Hammer-Lahav
>>
>>
>> 1) DO WE STILL NEED A SIMPLE SIGNING METHOD?
>>
>> Among the attendees on this call, the consensus was, "probably not".
>>
>> Nat is still concerned about adoption, and is looking for more  
>> feedback from
>> the OpenID mailing list.
>>
>> John cynically thinks signing will not be popular with some people  
>> no matter
>> what the canonicalization method is.
>>
>> Scott is going to create a description of the constrained form.
>>
>> Scott added the following comment in email:
>>
>> ***** BEGIN QUOTE *****
>>
>> Just for the permanent record, on the sparsely attended call today  
>> I raised
>> one of my other concerns about the proliferation of proprietary  
>> signing
>> mechanisms in specs, which is algorithm agility.
>>
>> I had been planning to mention to Will that copying the SAML spec's  
>> outdated
>> recommendation to use RSAwithSHA1 as the signing algorithm was  
>> probably not
>> the ideal choice, since SHA256 is gradually replacing SHA1 as the  
>> current
>> "best option" until the new hash standard is done.
>>
>> The more one duplicates signing functionality across multiple spots  
>> in the
>> software stack, the harder it is to maintain control over the  
>> algorithms
>> being used and maintain some degree of agility as these old  
>> algorithms fall
>> into disrepair.
>>
>> ***** END QUOTE *****
>>
>> John thinks that once implementers try c14n once they will like it  
>> "like
>> green eggs and ham", as Dr. Suess said. He said that making sure  
>> the 5 or 6
>> main OpenID libraries support it will cover 90% of the initial users.
>>
>>
>> 2) OTHER XRD 1.0 ISSUES
>>
>> Will raised the question of TargetSubject and how that would work  
>> when
>> delegating entire domains. It may be that using TargetAuthority  
>> will be
>> sufficient.  Will is exploring use cases.
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail.  Follow this link to all your TCs in OASIS at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/ 
>> my_workgroups.php
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php